holidayinnexpress

GRE / IPSEC pass through

I am in the process of setting up a new facility.  I have a vendor who is going to be onsite and will have his own network.  I have a Cisco 2811 and I am in the initial configuration stage, so nothing is locked down yet!  This vendor has his own Cisco router, and is going to connect via GRE/IPsec to his corporate network.  I have configured a static NAT that takes all the traffic from the public IP address and NATs it to the static address (the vendor's router interface).  The tunnel doesn't come up.  Am I missing something?  Can I pass this through with static NAT?  My code pieces are below.  Thanks in advance for any help someone can provide.  I am also using dynamic NAT on the serial interface for browsing.
interface FastEthernet0/1.31
 description vendor network
 encapsulation dot1Q 31
 ip address 10.38.31.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 
 
 
interface Serial0/0/0:0
 description Connection to internet
 bandwidth 1536
 ip address 12.y.y.5 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no cdp enable
 
 
ip nat inside source static 10.38.31.2 12.x.x.1 
ip nat inside source static 10.38.31.2 
 
! 12.x.x.1 public ip address on my network (vendor connects to this address)
! 10.38.31.2 vendors ethernet port on their router


ASKER CERTIFIED SOLUTION
JFrederick29
This solution is only available to members.
holidayinnexpress

ASKER

JFrederick, you are exactly correct.  I noticed this yesterday and inserted that statement.  The GRE tunnel established, but we could never get the IPsec up and ultimately traffic to pass.  I was receiving unexpected packet on port 4500.  We decided to punt on this, and I ended up putting the public address on the Ethernet port and locking it down with ACLs.  Thanks for the response.
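
An added example, not part of the original thread or the asker's configuration: one way the "public address on the Ethernet port, locked down with ACLs" approach could look on the 2811. It assumes the vendor router now holds 12.x.x.1 directly, uses `<VENDOR_HEADEND>` as a placeholder for the vendor's corporate tunnel endpoint (not given on the page), and uses a made-up ACL name.

```cisco
! Added example. <VENDOR_HEADEND> is a placeholder and VENDOR-TUNNEL-ONLY is a
! hypothetical name; replace both before use. 12.x.x.1 is the masked public
! address from the question.
ip access-list extended VENDOR-TUNNEL-ONLY
 remark IKE negotiation (UDP 500)
 permit udp host <VENDOR_HEADEND> host 12.x.x.1 eq isakmp
 remark IPsec NAT-T (UDP 4500), used only if a NAT is detected on the path
 permit udp host <VENDOR_HEADEND> host 12.x.x.1 eq non500-isakmp
 remark ESP (IP protocol 50) carrying the protected tunnel traffic
 permit esp host <VENDOR_HEADEND> host 12.x.x.1
 remark GRE (IP protocol 47); drop this entry if GRE only ever rides inside ESP
 permit gre host <VENDOR_HEADEND> host 12.x.x.1
 remark Path MTU discovery for the tunnel can need this from transit routers
 permit icmp any host 12.x.x.1 packet-too-big
 remark Everything else aimed at the vendor segment is dropped and logged
 deny ip any any log
!
interface FastEthernet0/1.31
 description vendor network
 ! Outbound on the vendor-facing subinterface: filters only traffic forwarded
 ! toward the vendor router, so the dynamic NAT used for browsing is untouched.
 ip access-group VENDOR-TUNNEL-ONLY out
```

This filters only what reaches the vendor router; traffic leaving the vendor segment is not restricted by it. `show access-lists VENDOR-TUNNEL-ONLY` shows per-entry hit counts, which tells you whether the peer is arriving as ESP or as UDP 4500.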